Stanford University School of Earth Science
 
Home
News
New Users
Policies
Email
Web Hosting
Get Help
Net Connections
Macintosh
    Network Setup
   Security
   Software
   Printing
   File Storage
Windows PC
Unix/Linux System
Pangea Server
School Resources
Using Unix

Macintosh security concerns

Last revision July 19, 2004

Networking

Macintosh computers on the network are inherently more secure than other operating systems.

AppleShare file sharing

With most modern computer systems, it is possible to share your own files (the ones stored on your computer) over the network. While Macintosh networking protocols are also fairly secure, there are some risks that should be considered. When connecting to an AppleShare server, the software uses a simple encryption algorithm to transmit your password securely. It is difficult but not impossible to sniff your password as you log into an AppleShare server. However, once you are logged in, any and all data you send back and forth is transmitted insecurely.

There is one exception to password encryption. When using a third-party AppleShare server, such as pangea Aufs system, passwords are not encrypted. That is because the encryption is licensed by Apple and not available to the writers of third party servers.

While AppleShare is a reliable and securely authenticated protocol, it does leave your computer open. If someone manages to figure out your master password set in the "File Sharing" or "Sharing Setup" control panels, they can copy and delete whatever they want off your system. For this reason we recommend leaving File Sharing off unless you absolutely need it. You can turn file sharing on and off from those same control panels.

If you are going to use File Sharing, you can increase the security of your system by using hard to guess passwords. Additionally, in the Users & Groups control panel, you may want to turn off the ability of the owner to see all disks. You definitely want to turn off guest access to your computer. That way, if your password is ever compromised, only the parts of your disk that have been specifically shared will be vulnerable.

Kerberos

All Macintosh computers should have the MacLeland software package installed. This allows authenticated login to Stanford and Earth Sciences systems. See the Network Security page for more information about Kerberos.

Backup and file integrity

No computer is perfect and all computers will eventually fail. Additionally, no user is perfect and it is possible to make mistakes and accidentally delete important files. For that reason, we strongly recommend backing up important files on your computer such as Ph.D. theses or drafts of professional articles.

Many departments in the School of Earth Sciences run Retrospect backup servers that will automatically back up your files every night. You should contact your departmental administrator to see if your department or group offers that service.

If you don't have a Retrospect backup service available, we recommend backing up to a removable medium such as a Zip disk. Additionally, you can use the pangea Aufs AppleShare server to store important files. Remember that you only are allowed to use 100 megabytes total. That includes email, Macintosh files, and all other files. Limit your file storage on pangea Aufs to only the most important files.

Another important part of maintaining data integrity on your Macintosh is regular maintenance. It is possible after some applications crash, in particular Netscape, for your hard disk to become corrupted. Because of that, it is important that you use a utility such as Apple's Disk First Aid or Norton Utilities to regularly scan your hard disk drive for problems and fix them if necessary. Also, if you are running Mac OS 8.5 or later, make sure the Shut Down Warning is enabled in the General Controls Control Panel. While it may be annoying to wait for after a crash, it will help keep your computer healthy.

 


Comments?

Stanford University    |